Security Check

by Jeffrey Rosen | December 16, 2002

"We have always held out the shibboleth of Big Brother as a nightmare vision of the future that we're going to avoid at all costs," Al Gore told The New York Times at the end of November. The Bush administration, Gore said, has embarked on the "most systematic invasion of privacy of every American citizen that has ever been taken in this country." Gore was especially exercised by the Department of Defense's Total Information Awareness program, which proposes to use data-mining technologies to scan public and private databases of personal information and to create risk profiles on millions of American citizens. But he also criticized other recent efforts to tear down the wall that separates domestic intelligence-gathering from ordinary law enforcement. The bill creating a new Department of Homeland Security (DOHS), which Bush signed last month, presumes that the way to fight terrorism is to increase domestic surveillance and to relax the barriers that prevent federal agencies from sharing information with state and local law enforcement officials. Also last month, the appellate panel responsible for overseeing the U.S. Foreign Intelligence Surveillance Court issued its first opinion since it was founded two decades ago, upholding the administration's claim that prosecutors may use secret foreign intelligence wiretaps to search for evidence of crime. For all these reasons, Gore concluded, the Bush administration has "now taken the most fateful step in the direction of that Big Brother nightmare that any president has ever allowed to occur." He's half right. In fact, there is nothing inherently objectionable about increasing the power of federal officials to engage in domestic surveillance, as long as those powers are limited to the investigation and prosecution of terrorists. Domestic surveillance becomes dangerous, however, when federal officials are allowed to spy on millions of citizens suspected not of terrorism but of low-level crimes, such as drug offenses or illegally downloading copyrighted music. If the government insists on unrestricted access to our credit-card histories, Internet browsing, international phone calls, and bookstore purchases, who among us couldn't be prosecuted or embarrassed by some low-level wrongdoing? After the September 11 attacks, unfortunately, the idea of restricting the FBI and the DOHS from using information about low-level crimes that emerges from dragnet searches hasn't been high on the legislative agenda. Instead, Congress is being urged to adopt more modest privacy protections. In a widely cited report, the Markle Foundation recently called for an internal oversight body in the DOHS that would conduct automated audits of data-mining investigations to track who has access to personal information, what they're doing with it, and whether they are engaged in serious inquiries or fishing expeditions. Jerry Berman of the Center for Democracy and Technology argues, "Data should be anonymized to the maximum extent possible; there should be minimal retention of personally identifiable data; and the data should be accurate, complete, and relevant, giving individuals a chance to correct any inaccuracies." The trouble with these kinds of restrictions is that they are hard to reconcile with the principle of information-sharing and data-mining on which the DOHS has been founded. An agency dedicated to the generic scanning and analysis of millions of bits of personal data can't realistically ask American citizens to consent every time their data is scanned or shared. Instead, the better way to balance privacy and security in a world of integrated databases is to limit the use of evidence discovered in general data searches to the prosecution of terrorism and to prohibit the government from using it to prosecute low-level crimes. It's a simple bargain: The government gets expanded surveillance authority, but only if it agrees to use the authority to prosecute terrorists and not ordinary criminals. If the Bush administration won't accept this trade-off voluntarily, Congress should impose it as a matter of law. The recent decision by the Foreign Intelligence Surveillance Court shows the importance of reserving the most intrusive surveillance powers for the most serious crimes. Congress adopted the Foreign Intelligence Surveillance Act in 1978 partly in response to the excesses of J. Edgar Hoover's FBI, which had used domestic intelligence-gathering to prosecute critics of the Nixon administration for low-level crimes such as tax evasion. The law allows the government to conduct electronic surveillance of individuals when there is probable cause to believe they are agents of foreign powers, even if there is not probable cause to suspect them of particular crimes. In 1995, the Clinton administration adopted guidelines prohibiting prosecutors in the Justice Department from "directing or controlling" foreign intelligence investigations in an effort to prevent them from making an end run around the ordinary constitutional requirement that officials must obtain a warrant before engaging in electronic searches for evidence of ordinary crimes. This wall between domestic intelligence-gathering and criminal law enforcement made sense as a way of preventing Nixon from misusing the IRS records of Vietnam protesters, but it makes less sense in an age when officials need broad discretion to detect and prevent imminent criminal activity before it occurs. As the FBI's failure to seize Zacarias Moussaoui's computer shows, if after reviewing a suspect's flight-school record prosecutors have credible suspicions that someone is a terrorist, there's no reason they should have to wait for a warrant before ordering further surveillance. In its recent opinion, the Foreign Intelligence Surveillance Court agreed with the Bush administration that the U.S.A. Patriot Act had broken down the "traditional barriers between law enforcement and foreign intelligence." Accordingly, the court allowed prosecutors to use foreign intelligence wiretaps to search for evidence of serious crimes, as long as domestic law enforcement is not the only purpose of the investigation. The court emphasized that prosecutors couldn't use the extraordinary powers of the Foreign Intelligence Surveillance Act as part of routine searches for ordinary criminals, since the government needs to have probable cause at the outset to believe that the target of the surveillance is an international terrorist. Nevertheless, under the new rules, it's conceivable that the government might mistakenly believe that a citizen is an agent of Al Qaeda, secretly tap his phone and Internet logs, and then ultimately prosecute him for a crime unrelated to terrorism. To guard against broad fishing expeditions, then, Congress should simply restrict the government from using foreign intelligence information to prosecute crimes unrelated to terrorism. Instead of restoring the wall between law enforcement and intelligence-gathering, Democrats who are critical of the court's decision could instead amend the Foreign Intelligence Surveillance Act in a way that limits its broad search powers to the investigation and prosecution of terrorist acts. The same restrictions should apply to the vastly expanded information- sharing contemplated by the new Department of Homeland Security. During the 1970s and 1980s, domestic surveillance was restricted by a combination of bureaucratic and technological inefficiencies, making it hard for local police officials, for example, to check their records against the FBI's watch lists. Moreover, the Privacy Act of 1974 generally prohibits government agencies from sharing information without a citizen's consent (there are many exceptions for law enforcement and national security), and it allows citizens to access and correct any files that the government keeps on them. But after September 11, 2001, those bureaucratic, technological, and legal barriers on information- sharing have become obsolete. Both the U.S.A. Patriot Act and the homeland security bill give the government increased authority to share criminal evidence obtained in grand jury investigations with domestic intelligence investigators and also to share intelligence information with state and local officials. But, although the recent laws dismantle old safeguards for privacy, they don't establish meaningful new ones. The only new privacy protection in the homeland security bill is a DOHS privacy officer who reports to Congress but has no independent authority to criticize the department he works for. The dangers of this vast expansion of domestic surveillance authority are clear. Data-mining is a very imprecise way of identifying terrorists: The risks of mistaken identification are high, and the costs of wrongly identifying someone as a terrorist are even higher. For example, The Wall Street Journal recently reported that an FBI watch list widely circulated to private employers was riddled with inaccuracies, misspellings, and people who had been wrongly identified as terrorists. Many of these innocent victims were denied jobs, repeatedly stopped at the airport, and found it very difficult to clear their names once they had been tagged as suspicious in computer databases. For celebrities and prominent politicians, there is also a danger that rogue FBI agents might leak embarrassing personal information to the news media or to opposition research teams in an effort to curry favor with their political superiors. Finally, if the threat of terrorism turns out to have faded in a decade, it's easy to imagine that the expanded authority to troll for low-level crimes might be used as a tool for the enforcement of, say, drug laws. By giving the police virtually unlimited discretion to pick and choose among low- level offenders, the new laws might increase the sense among certain classes of citizens that they are living in a police state. If the dangers of increased information-sharing include mistaken identification, politically motivated leaks, and unlimited police discretion, then the solution is clear. As William Stuntz of Harvard Law School argues in a recent issue of The Yale Law Journal, expanded surveillance authority and information-sharing among federal agencies is perfectly defensible if--and only if--the government can use the new authority just to prosecute the most serious crimes and is prohibited from using, sharing, or leaking evidence of low-level crimes. Stuntz would limit the list of crimes that could be prosecuted based on evidence produced by data-mining or foreign intelligence searches to the most serious offenses--terrorism, murder, kidnapping, rape, and child molestation. My own view is that, at least in the investigation of citizens, the only crimes that the government should be able to pursue with its new surveillance authority should be directly related to terrorism. But, in deciding precisely where to draw the line, Congress could use as its model the German secret service, which is legally prohibited from passing on to ordinary prosecutors any evidence of low-level crimes, even if it acquires the evidence lawfully. Thanks to the legacy of the Nazis and the Stasi, the Germans have learned a lesson that we haven't yet absorbed: When domestic intelligence officials cooperate too closely with ordinary prosecutors, political oppression is never far behind.

Source URL: